How do I tell if my connection to a website is secure?

The Site Identity button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website and who verified that they own it. This should help you avoid malicious websites that are trying to obtain your personal information.

The Site Identity button is in the Location bar to the left of the web address.

When viewing a website, the Site Identity button will be one of five icons - a gray globe, a gray warning triangle, an orange warning triangle, a gray padlock, or a green padlock. Clicking on these icons will display identity and security information about the website.

Clicking on the More Information button on the pop-up panel will show more details about the privacy and security settings of that site, such as certificate information, cookies and your saved password history.

The Site Identity button appears in your address bar to communicate security information about sites you visit. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website and who verified that they own it. This should help you avoid malicious websites that are trying to obtain your personal information.

The Site Identity button is in the address bar to the left of the web address. Most commonly, when viewing a website, the Site Identity button will be either a gray globe or a green padlock.

However, in some rarer circumstances, it may also be a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough.

Clicking the Site Identity button brings up the Control Center, which allows you to view identity information about the site and to change security settings.

The Site Identity button (a padlock) appears in your address bar when you visit a secure website. You can quickly find out if the connection to the website you are viewing is encrypted, and in some cases who owns the website. This should help you avoid malicious websites that are trying to obtain your personal information.

The Site Identity button is in the address bar to the left of the web address. Most commonly, when viewing a secure website, the Site Identity button will be a green padlock.

However, in some rarer circumstances, it may also be a green padlock with a gray warning triangle, a gray padlock with a yellow warning triangle, or a gray padlock with a red strikethrough.

Note: Clicking the
button at the left of the address bar brings up the Control Center, which allows you to view more detailed information about the connection's security status and to change some security and privacy settings.

Gray globe

The connection between Firefox and the website is not encrypted and should not be considered safe against eavesdropping.

The website does not supply identity information.

Many websites will have the gray globe because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity button should not be a gray globe icon.

Gray warning triangle

A gray warning triangle indicates:

The website does not supply identity information.

The connection between Firefox and the website is only partially encrypted, doesn't prevent eavesdropping and is not fully secure because it contains unencrypted elements (such as images, video or audio). Other people can view or modify these elements, but not the main web page content (such as text).

Orange warning triangle

An orange warning triangle indicates:

The website does not supply identity information.

The connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping. The website contains interactive content that isn't encrypted (such as scripts). Other people can view your information or modify the website's behavior.

It implies that you've previously allowed the mixed active content served over HTTPS to be loaded, displayed or executed for the website despite the risks. See Mixed content blocking in Firefox.

Going to another website in the current tab and then going back or re-visiting the website in a new tab will block back certain HTTP requests to lower threats, change the icon to its previous state (a gray warning triangle for mixed passive content and gray or green padlock otherwise) and display the content mixer shield icon. For information about the mixed content block, see Mixed content blocking in Firefox.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity button should not be an orange warning triangle icon.

Gray padlock

A gray padlock indicates:

The website's address has been verified.

The connection between Firefox and the website is encrypted to prevent eavesdropping.

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that the domain is not being spoofed. For example, FacebookWikimedia Foundation has this sort of certificate and an encrypted connection, so the Site Identity button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to facebook.comwikipedia.org as certified by VeriSign Inc.GlobalSign nv-sa. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your FacebookWikipedia login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that facebook.comwikipedia.org is actually owned by Facebook the companyWikimedia Foundation. The only things that are guaranteed are that the domain is a valid domain, and that the connection to it is encrypted.

Green padlock

A green padlock indicates:

The website's address has been verified using an Extended Validation (EV) certificate.

The connection between Firefox and the website is encrypted to prevent eavesdropping.

A green padlock plus the name of the company or organization in green means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity button assures you that paypal.commozilla.org is owned by Paypal Inc.Mozilla Foundation, for example. Not only does the padlock turn green on the Paypal siteMozilla official website, it also expands and displays the name of the owner in the button itself.

Gray globe

A gray globe indicates that the connection between Firefox and the website is not encrypted, and therefore should not be considered safe against eavesdropping or man-in-the-middle attacks.

Many websites will have the gray globe because they don't involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections.

Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray globe icon.

Warning: You should never send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to a website without the padlock icon in the address bar - in this case it is neither verified that you are communicating with the intended website, nor is your data safe against eavesdropping!

Green padlock

A green padlock (with or without an organization name) indicates that:

You are definitely connected to the website whose address is shown in the address bar; the connection has not been intercepted.

The connection between Firefox and the website is encrypted to prevent eavesdropping.

A green padlock plus the name of the company or organization, also in green, means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates.

For sites using EV certificates, the Site Identity button displays both a green padlock and the legal company or organization name and location of the owner of the website, so you know who is operating it. For example, it shows that mozilla.org is owned by the Mozilla Foundation.

Green padlock with gray warning triangle

A green padlock with a gray warning triangle
indicates that the site is secure; however, Firefox has blocked insecure content and so the site may not necessarily display or work entirely correctly. See Mixed content blocking in Firefox for more information. This is a problem the site developer needs to resolve.

Gray padlock with yellow warning triangle

A gray padlock with a yellow warning triangle indicates that the connection between Firefox and the website is only partially encrypted and doesn't prevent eavesdropping.

Note: Do not send any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) to sites where the Site Identity button has a gray padlock with red strikethrough icon.